Hierarchical data security measures for a mobile device
Abstract
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for storing a plurality of stored fingerprints, wherein each of the stored fingerprints is associated with a respective software environment and a respective mobile device; receiving from a first mobile device a first fingerprint of a first software environment in the first mobile device; determining whether the stored fingerprints include less than a threshold amount of fingerprints identical to the first fingerprint; based on a determination that the stored fingerprints include less than the threshold amount of fingerprints identical to the first fingerprint, determining that the first software environment is a compromised software environment; and performing a corrective measure.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A computer implemented method comprising:
receiving, by a host computer system on a computer network, a first plurality of fingerprints generated by a security measure included in, or associated with, a same version of a first software application executing on first plurality of mobile devices corresponding to a first install base, wherein each of the first plurality of mobile devices corresponding to the first install base is of a same hardware type and executes a same respective software environment including the same version of the first software application, wherein each fingerprint of the first plurality of fingerprints received is representative of a plurality of software resources, including the same version of the first software application, in the same respective software environment;
determining, by the host computer system, that the fingerprints of the first plurality of fingerprints match a previously received fingerprint for the first install base;
storing, by the host computer system, a frequency of the fingerprints of the first plurality of fingerprints determined to match the previously received fingerprint;
receiving, at the host computer system, from a first mobile device corresponding to the first install base, a first fingerprint generated by the security measure included in, or associated with, the same version of the first software application executing on the first mobile device, the first fingerprint being representative of a plurality of software resources, including the same version of the first software application in a software environment of the first mobile device;
determining, by the host computer system, that the first fingerprint of the first mobile device does not match the previously received fingerprint corresponding to the first install base;
based at least partially on determining that the first fingerprint does not match the previously received fingerprint corresponding to the first install base, performing, by the host computer system, a corrective measure including at least one of:
deauthorizing the first software application with respect to the first mobile device;
disabling an account associated with the first mobile device;
requesting data verifying an identity of a user associated with the first mobile device; or
performing risk evaluation with respect to the first mobile device; and
receiving a second plurality of fingerprints generated by the security measure included in, or associated with, the same version of the first software application executing on a second plurality of the mobile devices corresponding to the first install base, wherein each of the fingerprints in the second plurality of fingerprints is representative of the plurality of software resources, including the same version of the first software application, in respective software environments of the second plurality of the mobile devices, the second plurality of fingerprints not matching the previously received fingerprint matching the first plurality of fingerprints,
wherein performing the corrective measure is based at least partially on determining that a frequency of the first plurality of fingerprints is higher than a frequency of the second plurality of fingerprints.
2. The method of claim 1 , wherein determining that the frequency of the first plurality of fingerprints is higher than the frequency of the second plurality of fingerprints comprises determining a number of the first plurality of fingerprints received and a number of the second plurality of fingerprints received.
3. The method of claim 1 , further comprising storing respective fingerprints of the first plurality of fingerprints in a database in association with respective device identifiers of the respective mobile devices from which the respective fingerprints of the first plurality of fingerprints were received.
4. The method of claim 1 , wherein determining that the fingerprints of the first plurality of fingerprints received by the host computer system match the previously received fingerprint for the first install base comprises determining that the fingerprints of the first plurality of fingerprints are identical to the previously received fingerprint for the first install base.
5. The method of claim 1 , wherein the first install base comprises identical mobile devices that execute identical operating systems and identical versions of the first software application.
6. The computer-implemented method of claim 1 , wherein at least the first plurality of fingerprints received by the host computer system represents a valid software environment.
7. The computer-implemented method of claim 1 , further comprising:
receiving, at the host computer system, from a second mobile device corresponding to the first install base, a second fingerprint generated by the security measure included in, or associated with, the same version of the first software application executing on the second mobile device, the second fingerprint being representative of a plurality of software resources including the same version of the first software application in a software environment of the second mobile device; and
based on a determination that the second fingerprint matches the previously received fingerprint for the first install base, determining, by the host computer system, that the software environment of the second mobile device is valid.
8. The computer-implemented method of claim 1 , further comprising:
delaying the performance of the corrective measure until a predetermined amount of time has elapsed or a pseudo-random amount of time has elapsed.
9. The computer-implemented method of claim 1 , further comprising:
delaying the performance of the corrective measure until a predetermined number of requests from the first mobile device have been received or a pseudo-random number of requests from the first mobile device have been received.
10. The computer-implemented method of claim 1 , wherein the first fingerprint is a cyclic redundancy check (CRC), a cryptographic hash function, or sampling of the software environment in the first mobile device.
11. The computer-implemented method of claim 1 , wherein the software environment in the first mobile device comprises software libraries associated with a mobile operating system, wherein the mobile operating system is associated with the first install base.
12. The computer-implemented method of claim 1 , further comprising determining that the software environment of the first mobile device is compromised, wherein the compromised software environment comprises a malicious software component.
13. A non-transitory computer-readable medium having instructions stored thereon, which, when executed by at least one processor in a computer system, cause the computer system to perform operations comprising:
receiving a plurality of fingerprints generated by a security measure included in, or associated with, a same version of a first software application executing on first plurality of mobile devices corresponding to a first install base, wherein each of the first plurality of mobile devices corresponding to the first install base is of a same hardware type and executes a same respective software environment including the same version of the first software application, wherein each fingerprint of the first plurality of fingerprints received is representative of a plurality of software resources, including the same version of the first software application, in the same respective software environment;
determining, that the fingerprints of the first plurality of fingerprints match a previously received fingerprint for the first install base;
storing a frequency of the fingerprints of the first plurality of fingerprints determined to match the previously received fingerprint;
receiving, from a first mobile device corresponding to the first install base, a first fingerprint generated by the security measure included in, or associated with, the same version of the first software application executing on the first mobile device, the first fingerprint being representative of a plurality of software resources, including the same version of the first software application, in a software environment of the first mobile device;
determining that the first fingerprint of the first mobile device does not match the previously received fingerprint corresponding to the first install base; and
based at least partially on determining that the first fingerprint does not match the previously received fingerprint corresponding to the first install base, performing a corrective measure including at least one of:
deauthorizing the first software application with respect to the first mobile device;
disabling an account associated with the first mobile device;
requesting data verifying an identity of a user associated with the first mobile device; or
performing risk evaluation with respect to the first mobile device; and
receiving a second plurality of fingerprints generated by the security measure included in, or associated with, the same version of the first software application executing on a second plurality of the mobile devices corresponding to the first install base, wherein each of the fingerprints in the second plurality of fingerprints is representative of the plurality of software resources, including the same version of the first software application, in respective software environments of the second plurality of the mobile devices, the second plurality of fingerprints not matching the previously received fingerprint matching the first plurality of fingerprints,
wherein performing the corrective measure is based at least partially on determining that a frequency of the first plurality of fingerprints is higher than a frequency of the second plurality of fingerprints.
14. The computer-readable medium of claim 13 , wherein the operation of determining that the frequency of the first plurality of fingerprints is higher than the frequency of the second plurality of fingerprints comprises determining a number of the first plurality of fingerprints received and a number of the second plurality of fingerprints received.
15. The computer-readable medium of claim 13 , the operations further comprising storing respective received fingerprints of the first plurality of fingerprints in a database in association with respective device identifiers of the respective mobile devices from which the respective fingerprints of the first plurality of fingerprints were received.
16. The computer-readable medium of claim 13 , wherein the operation of determining that the fingerprints of the first plurality of fingerprints received by the host computer system match the previously received fingerprint for the first install base comprises determining that the fingerprints of the first plurality of fingerprints are identical to the previously received fingerprint for the first install base.
17. The computer-readable medium of claim 13 , wherein at least the first plurality of fingerprints received represents a valid software environment.
18. The computer-readable medium of claim 13 , the operations further comprising:
receiving, from a second mobile device corresponding to the first install base, a second fingerprint generated by the security measure included in, or associated with, the same version of the first software application executing on the second mobile device, the second fingerprint being representative of a plurality of software resources including the same version of the first software application in a software environment of the second mobile device; and
based on a determination that the second fingerprint matches the previously received fingerprint for the first install base, determining that the software environment of the second mobile device is valid.
19. The computer-readable medium of claim 13 , the operations further comprising:
delaying the performance of the corrective measure until a predetermined amount of time has elapsed or a pseudo-random amount of time has elapsed.
20. The computer-readable medium of claim 13 , the operations further comprising:
delaying the performance of the corrective measure until a predetermined number of requests from the first mobile device have been received or a pseudo-random number of requests from the first mobile device have been received.
21. The computer-readable medium of claim 13 , wherein the first fingerprint is a cyclic redundancy check (CRC) of the software environment in the first mobile device.
22. The computer-readable medium of claim 13 , wherein the software environment in the first mobile device comprises software libraries associated with a mobile operating system, wherein the mobile operating system is associated with the first install base.
23. The computer-readable medium of claim 13 , the operations further comprising determining that the software environment of the first mobile device is compromised, wherein the compromised software environment comprises a malicious software component.
24. A computer system comprising:
a processor; and
computer-readable medium coupled to the processor and having instructions stored thereon, which, when executed by the processor, cause the computer system to perform operations comprising:
receiving a first plurality of fingerprints generated by a security measure included in, or associated with, a same version of a first software application executing on first plurality of mobile devices corresponding to a first install base, wherein each of the first plurality of mobile devices corresponding to the first install base is of a same hardware type and executes a same respective software environment including the same version of the first software application, wherein each fingerprint of the first plurality of fingerprints received is representative of a plurality of software resources, including the same version of the first software application, in the same respective software environment;
determining, that the fingerprints of the first plurality of fingerprints match a previously received fingerprint for the first install base;
storing a frequency of the fingerprints of the first plurality of fingerprints determined to match the previously received fingerprint;
receiving, from a first mobile device corresponding to the first install base, a first fingerprint generated by the security measure included in, or associated with, the same version of the first software application executing on the first mobile device, the first fingerprint being representative of a plurality of software resources, including the same version of the first software application, in a software environment of the first mobile device;
determining that the first fingerprint of the first mobile device does not match the previously received fingerprint corresponding to the first install base;
based at least partially on determining that the first fingerprint does not match the previously received fingerprint corresponding to the first install base, performing a corrective measure including at least one of:
deauthorizing the first software application with respect to the first mobile device;
disabling an account associated with the first mobile device;
requesting data verifying an identity of a user associated with the first mobile device; or
performing risk evaluation with respect to the first mobile device; and
receiving a second plurality of fingerprints generated by the security measure included in, or associated with, the same version of the first software application executing on a second plurality of the mobile devices corresponding to the first install base, wherein each of the fingerprints in the second plurality of fingerprints is representative of the plurality of software resources, including the same version of the first software application, in respective software environments of the second plurality of the mobile devices, the second plurality of fingerprints not matching the previously received fingerprint matching the first plurality of fingerprints,
wherein performing the corrective measure is based at least partially on determining that a frequency of the first plurality of fingerprints is higher than a frequency of the second plurality of fingerprints.
25. The system of claim 24 , wherein the operation of determining that the frequency of the first plurality of fingerprints is higher than the frequency of the second plurality of fingerprints comprises determining a number of the first plurality of fingerprints received and a number of the second plurality of fingerprints received.
26. The system of claim 24 , the operations further comprising storing respective received fingerprints of the first plurality of fingerprints in a database in association with respective device identifiers of the respective mobile devices from which the respective fingerprints were received.
27. The system of claim 24 , wherein the operation of determining that the fingerprints of the first plurality of fingerprints received match the previously received fingerprint for the first install base comprises determining that the fingerprints of the first plurality of fingerprints are identical to the previously received finger print for the first install base.
28. The system of claim 24 , wherein the first install base comprises identical mobile devices that execute identical operating systems and identical versions of the first software application.
29. The system of claim 24 , wherein at least the first plurality of fingerprints received represents a valid software environment.
30. The system of claim 24 , the operations further comprising:
receiving, from a second mobile device corresponding to the first install base, a second fingerprint generated by the security measure included in, or associated with, the same version of the first software application executing on the second mobile device, the second fingerprint being representative of a plurality of software resources including the same version of the first software application in a software environment of the second mobile device; and
based on a determination that the second fingerprint matches the previously received fingerprint for the first install base, determining that the software environment of the second mobile device is valid.
31. The system of claim 24 , the operations further comprising:
delaying the performance of the corrective measure until a predetermined amount of time has elapsed or a pseudo-random amount of time has elapsed.
32. The system of claim 24 , the operations further comprising:
delaying the performance of the corrective measure until a predetermined number of requests from the first mobile device have been received or a pseudo-random number of requests from the first mobile device have been received.
33. The system of claim 24 , wherein the first fingerprint is a cyclic redundancy check (CRC) of the software environment in the first mobile device.
34. The system of claim 24 , wherein the software environment in the first mobile device comprises software libraries associated with a mobile operating system, wherein the mobile operating system is associated with the first install base.
35. The system of claim 24 , the operations further comprising determining that the software environment of the first mobile device is compromised, wherein the compromised software environment comprises a malicious software component.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.